hxxp://steamcommujity[.]com

Analysis

max time kernel
78s
max time network
76s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommujity.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588032969319701"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 4596	2896	chrome.exe	85
PID 2896 wrote to memory of 4596	2896	chrome.exe	85
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 2948	2896	chrome.exe	86
PID 2896 wrote to memory of 4684	2896	chrome.exe	87
PID 2896 wrote to memory of 4684	2896	chrome.exe	87
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88
PID 2896 wrote to memory of 4008	2896	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://steamcommujity.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff369bcc40,0x7fff369bcc4c,0x7fff369bcc58
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,7958042733813862475,17682196537483496150,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,7958042733813862475,17682196537483496150,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,7958042733813862475,17682196537483496150,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,7958042733813862475,17682196537483496150,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3052,i,7958042733813862475,17682196537483496150,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,7958042733813862475,17682196537483496150,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5088,i,7958042733813862475,17682196537483496150,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3432,i,7958042733813862475,17682196537483496150,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=208,i,7958042733813862475,17682196537483496150,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3176,i,7958042733813862475,17682196537483496150,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1048

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8a1a2ac29b641849af7e07bcb089b0b5

SHA1
12894513517da0abfc306475c1c0b9b37f51937f

SHA256
1dbd889a13231174d81d6ff5892a857b5dcb30a04734af7d6da3d685f4fb6a8f

SHA512
86ec339bc331e70617ad79071e20527b1772117babb541dc4f865c905ac5778487ed6abbd886cda0a4f518333bf6664889c8f8b8193918cc7078c35b0eaea48a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a54c7fb86dbe1e4e0c30415973590e2

SHA1
6abadff2c46c3e26980fe09bd1c39fd70824d311

SHA256
333bb83947f6148acfbef360c83aa69165dc31e782a3c859911ca08ece7d1d8d

SHA512
05a1dcb1cfa62c85a2b543862182d43ddf38fa038676b808a6f37c1ddb82a6877fdaaf0fbbb445a7501a1c69e2eb422adb3083689128eed0c6c9f7201a92afa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dde2925cdb78263261e31ec9d9534aea

SHA1
6806d09795bc91912a1c89d25231e9f249338789

SHA256
d0e42fcedf3df5b1d88db01e7a723b9d4f4403ae10b55e5b991ce3808728bd23

SHA512
d1a02cb64190197fb55d316de40d95d01d571c1e0133c6d1c1aac0283dde09cde245957b034be7debe370c7359de78be2754bb0c5933a2bc31097a76e9c02339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b6bce0be8700e5ffa6b339e205853dbc

SHA1
eab4a59625e8ffac72a993f6b497b2c0553d4608

SHA256
ebc005153568ed418b3f89a82c4dea1d8b367448d7297ac946b891fd9f65d733

SHA512
265f8f6459f32defb8a33c39fbd26a2efcf4e7e51ff8bb81400021919cc5c4cb1b1b1cc1cecb46d638f0f2836ac1473c9ef4306487f41fdfd7217b856647e6f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fb50f45521d778c7e64c33f02cf46cd

SHA1
c49e2f1e15f11fa59da472215bb7c69a007ef013

SHA256
3720ee99d62cd0fab1fd71f69a9f914ee700d236d5a0f44ef6a3a26fc5cff44a

SHA512
86aab8ac2eb7905a44884e9448e5c981a4b7105b1a413a5d39fffc9c0b50b13d4a3c6f0462c7ad1fece93d88b9bd8881b2308ab933e5f578716860db5c8d02e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
81e4a9a46cc62a1b369ffd82e889c80b

SHA1
42377a66e3b85ed381d567a2c69021326da949f7

SHA256
547c6e187d5fc35e13f04962f4709bb98747a24a2f7b356113651ec3592f8f35

SHA512
09ba0e8c0b86fdd8a98806afbc7ceb4f4df910e4677581bd46fc56a6a687720c56a39b53ba58d88639b08fda9b4eaf03a2dbdbccce210f2d30053e9afc3ed9fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
f2153483e5b54bc966299fbb151ae3b5

SHA1
cb89caed9c74eb3e16c18a01300866a988cc63d0

SHA256
09cec33668eb7f8f5da39938440a4eca5a5d64eecabda84bcf05e9d5a0fc74a8

SHA512
f41b7cd514e74d3b0085236e6a230600f4eac9d7b0e5cd1b7be468f8ee385fca7ceeb757f1136a3f6b31f24014b05a4a0b7438277bfd97a8aec53b10fa7bbb35

Download Submit